[OpenWireless Tech] The police came to the AP owner first, then sniffed the air to find real culprit​

[Java Nut]

I have some comments on this. Had the AP owner had all traffic going effectively through a nonlogging VPN service, the police would probably never have come to the AP owner. Either A) the culprit would have gotten away with his activity as the police might not have known where to air sniff, or B) the culprit would have been caught directly by local air sniffing if police had other clues of the area, or by culprit revealing his own info while using the internet, or by other good old fashioned police work. If culprit is found by local air sniffing, his own location would be the point of investigation, more so than the AP itself. This could still protect the AP owner if its a neighbor (like in the story I linked) or if in a different unit of an apartment building.
There are some additional thoughts to consider if an AP owner is going to route all traffic through a nonlogging VPN service.
1) In order for AP owner to ensure his own legitimate identifying internet activity is not coming out the same end point with a guest's abuse, the AP owner should make sure his own traffic (especially that involving logins to sites) is NOT routed through the VPN. Maybe have two routers, a secure private router connected directly to the internet service, and an open router that routes its traffic through the VPN. Or maybe even two separate internet hookups, where the shared one is all VPN and never used by the owner for personally identifiable activity.
2) If there are multiple guest users of the AP, they are not protected from being accused of each other's actions. If guest A logs into Facebook while guest B is doing criminal activity and both are coming out the same endpoint somewhere else, A could be questioned about B's activities, while the AP owner remaining safe (location unknown).
3) If the abusive guest is too close to the AP, and air sniffing tools are used locally, the fact that the AP owner's connection was involved would not remain private, and the AP owner would still be at risk. In this case, police would even think AP owner was using his own AP with VPN for cover for bad activity.
 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.eff.org/pipermail/tech/attachments/20121126/28867daa/attachment.html>